From 989647852e4527bebf27e0dcd8ee08145ea63b2e Mon Sep 17 00:00:00 2001
From: Semyon Bezrukov
Date: Wed, 24 May 2023 11:51:14 +0300
Subject: [PATCH 1/3] Fix deprecated set-output (#632)
---
 .github/workflows/4testing-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/4testing-build.yml b/.github/workflows/4testing-build.yml
index d88bbde..def1e2c 100644
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@@ -61,7 +61,7 @@ jobs:
 echo "None of the editions are selected."
 exit 1
 fi
- echo "::set-output name=editions::$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')"
+ echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
 outputs:
 editions: ${{ steps.matrix.outputs.editions }}
From 7d32cac40a7d0971e8c1d48925ed4793e12577c5 Mon Sep 17 00:00:00 2001
From: Danil Titarenko <77471369+danilapog@users.noreply.github.com>
Date: Thu, 25 May 2023 16:36:33 +0300
Subject: [PATCH 2/3] Add new stable images versioning principles (#633) * Refactoring stable images release versioning The new principle of stable docker images versioning: release numbering is now not by build number, but by serial number. * Refactoring: fix non-example image pull tag
---
 .github/workflows/stable-build.yml | 20 ++++++++++++++++----
 docker-bake.hcl | 8 ++++++--
 production.dockerfile | 6 +++---
 3 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/stable-build.yml b/.github/workflows/stable-build.yml
index 7063e4e..9a19768 100644
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@@ -8,6 +8,11 @@ on:
 description: 'Tag for release (ex. 1.2.3.45)'
 type: string
 required: true
+ release_number:
+ description: 'Sequence number of the release (ex. x.x.x.)'
+ type: string
+ required: true
+ default: '1'
 env:
 COMPANY_NAME: "onlyoffice"
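Review bot: `$GITHUB_OUTPUT` is expanded unquoted in the added `echo "editions=…" >> $GITHUB_OUTPUT` line of `4testing-build.yml`; write `>> "$GITHUB_OUTPUT"` so the redirect target can never be word-split. The value side is fine as written, because `jq -c` prints compact single-line JSON and so cannot break the `name=value` record with an embedded newline. The step's script starts outside the hunk.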
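Review bot: The new `release_number` input in `stable-build.yml` (@@ -8,6) pairs `required: true` with `default: '1'`, so a dispatch that leaves the field untouched rebuilds `x.y.z.1`; if that tag was already published, the later `--push` steps would write over it (whether the registry refuses overwrites is not visible here). Dropping the default makes the operator choose the number deliberately. The example `(ex. x.x.x.)` also does not show what to enter; something like `description: 'Sequence number of the release, replaces the build number in the tag (ex. 1)'` would.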
@@ -42,10 +47,12 @@ jobs:
 run: |
 set -eux
 VERSION=${{ github.event.inputs.tag }}
+ RELEASE_NUMBER=${{ github.event.inputs.release_number }}
 PRODUCT_EDITION=${{ matrix.edition }}
 TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
 export PRODUCT_EDITION
- export TAG=${VERSION}
+ export PULL_TAG=${VERSION}
+ export TAG=${VERSION%.*}.${RELEASE_NUMBER}
 export SHORTER_TAG=${VERSION%.*}
 export SHORTEST_TAG=${VERSION%.*.*}
 docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
@@ -82,8 +89,11 @@ jobs:
 - name: build image
 run: |
 set -eux
+ VERSION=${{ github.event.inputs.tag }}
+ RELEASE_NUMBER=${{ github.event.inputs.release_number }}
+ export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER}
 export PRODUCT_EDITION=${{ matrix.edition }}
- export TAG=${{ github.event.inputs.tag }}
+ export TAG=${VERSION%.*}.${RELEASE_NUMBER}
 docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
 shell: bash
@@ -113,12 +123,14 @@ jobs:
 - name: build UCS
 run: |
 set -eux
+ VERSION=${{ github.event.inputs.tag }}
+ RELEASE_NUMBER=${{ github.event.inputs.release_number }}
 export PRODUCT_EDITION=${{ matrix.edition }}
 export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
 export DOCKERFILE=Dockerfile
 export BASE_IMAGE=ubuntu:20.04
 export PG_VERSION=12
- export TAG=${{ github.event.inputs.tag }}
- export PACKAGE_VERSION=$( echo ${TAG} | sed -E 's/(.*)\./\1-/')
+ export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+ export PACKAGE_VERSION=$( echo ${VERSION} | sed -E 's/(.*)\./\1-/')
 docker buildx bake -f docker-bake.hcl documentserver-ucs --push
 shell: bash
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 28396a6..4082f4a 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -10,6 +10,10 @@ variable "SHORTEST_TAG" {
 default = ""
 }
+variable "PULL_TAG" {
+ default = ""
+}
+
 variable "COMPANY_NAME" {
 default = ""
 }
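Review bot: The added `RELEASE_NUMBER=${{ github.event.inputs.release_number }}` line in `stable-build.yml` (@@ -42,10) expands the dispatch input into the `run:` script text before bash parses it, so any shell syntax typed into the field becomes part of the job, which presumably holds the registry push credentials given the `--push` calls. The same line is added in the `build image` (@@ -82,8) and `build UCS` (@@ -113,12) steps, and the `VERSION=${{ github.event.inputs.tag }}` lines have the same shape. Pass the value through the step environment instead, `env:` with `RELEASE_NUMBER: ${{ github.event.inputs.release_number }}`, and reject non-numeric values before deriving tags, `[[ "$RELEASE_NUMBER" =~ ^[0-9]+$ ]] || exit 1`. Each step's remaining keys lie outside the hunks, so whether an `env:` block already exists there cannot be seen.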
@@ -90,7 +94,7 @@ target "documentserver-stable" {
 equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
 platforms = ["linux/amd64", "linux/arm64"]
 args = {
- "TAG": "${TAG}"
+ "PULL_TAG": "${PULL_TAG}"
 "COMPANY_NAME": "${COMPANY_NAME}"
 "PRODUCT_NAME": "${PRODUCT_NAME}"
 "PRODUCT_EDITION": "${PRODUCT_EDITION}"
@@ -121,7 +125,7 @@ target "documentserver-nonexample" {
 tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
 platforms = ["linux/amd64", "linux/arm64"]
 args = {
- "TAG": "${TAG}"
+ "PULL_TAG": "${PULL_TAG}"
 "COMPANY_NAME": "${COMPANY_NAME}"
 "PRODUCT_NAME": "${PRODUCT_NAME}"
 "PRODUCT_EDITION": "${PRODUCT_EDITION}"
diff --git a/production.dockerfile b/production.dockerfile
index 3c7b3bd..0706a58 100644
--- a/production.dockerfile
+++ b/production.dockerfile
@@ -1,15 +1,15 @@
 ### Arguments avavlivable only for FROM instruction ###
-ARG TAG=latest
+ARG PULL_TAG=latest
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_EDITION=
 ### Build main-release ###
-FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
+FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
 ### Build nonexample ###
-FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
+FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
From 48add9dc896cca14eebc8ed302266a3b2ad942a9 Mon Sep 17 00:00:00 2001
From: Evgeniy Antonyuk
Date: Fri, 26 May 2023 18:59:54 +0500
Subject: [PATCH 3/3] Add the ability to enable request filtering agent (#628)
---
 README.md | 2 ++
 run-document-server.sh | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/README.md b/README.md
index 1364ab9..cfa9e46 100644
--- a/README.md
+++ b/README.md
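Review bot: `ARG PULL_TAG=latest` in `production.dockerfile` keeps a floating default for the base of a stable release, so a build that reaches this file without the argument would promote whatever the `latest` tag resolves to at that moment; declaring `ARG PULL_TAG` with no default makes both `FROM` lines fail instead. Both `FROM` lines also resolve the base by mutable tag, so the published image depends on what that tag points to when the job runs. Recording the resolved digest in the release job, or pulling by `@sha256:` digest, would make the promotion traceable. The `documentserver-nonexample` stage continues outside the hunk.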
@@ -196,6 +196,8 @@ Below is the complete list of parameters that can be set using environment varia
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
+- **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`.
+- **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`.
 - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
 - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
 - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
diff --git a/run-document-server.sh b/run-document-server.sh
index 967225a..9a4d174 100644
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -92,6 +92,8 @@ JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
 WOPI_ENABLED=${WOPI_ENABLED:-false}
+ALLOW_META_IP_ADDRESS=${ALLOW_META_IP_ADDRESS:-false}
+ALLOW_PRIVATE_IP_ADDRESS=${ALLOW_PRIVATE_IP_ADDRESS:-false}
 GENERATE_FONTS=${GENERATE_FONTS:-true}
@@ -344,6 +346,12 @@ update_ds_settings(){
 ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
 ${JSON} -I -e "this.wopi.enable = true"
 fi
+
+ if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
+ ${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
+ [ "${ALLOW_META_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true"
+ [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true"
+ fi
 }
 create_postgresql_cluster(){
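Review bot: The new block in `update_ds_settings` only ever writes `true`, so once `allowMetaIPAddress` or `allowPrivateIPAddress` is in the config, a later start with the variable unset or `false` leaves the request filter relaxed, if the config file persists across restarts (not visible here). Since these flags switch off outbound-request filtering for meta and private addresses, consider writing the value explicitly on every start, or at least logging it, e.g. `echo "WARNING: request-filtering-agent relaxed via ALLOW_*_IP_ADDRESS" >&2`. Separately, the two `[ … ] && ${JSON} …` lines are the last commands in the function, so it returns 1 when only the meta flag is set; `if [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then … fi` avoids that. The function body starts outside the hunk.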